In Windows Vista and later versions, you can assign a static IPv6 address and the gateway to the interface via a GUI or alternatively with netsh. Addresses can also be statically configured on Windows XP with

But the problem with this is that if RA-emmiting router is present on link, the Windows XP will also assign itself a automatically generated address based on the advertised prefix and a link-local (fe80::) address of the router as a default gateway.

How can I turn off the autoconfiguration if the host is addressed statically?

UPDATE

It seems that there is no straightforward way of disabling SLAAC without disabling IPv6 itself. Is there a registry setting to do so?

We still would like to know what you're really trying to do. If you have stateless autoconfiguration working, why not use it?
–
Michael Hampton♦Jul 31 '12 at 15:40

1

@MichaelHampton I'd like the host to have a specific address. There are hosts on the same segment that are configured statelessly. Since the host is statically configured, having SLAAC enabled just increases the attack surface (rogue RA, for example)
–
TiborJul 31 '12 at 16:12

3 Answers
3

So, in one image, here's the problem: XP's support for IPv6 is minimal at best. I don't believe it's possible to disable stateless autoconfiguration - or even to use anything but.

First off, I get my stateless autoconfiguration just fine, as well as my privacy address. The privacy address works on the global Internet, which I confirmed by visiting my IP address tool in Google Chrome.

So we start fiddling.

First, the GUI doesn't provide any configuration options for IPv6; see that "Properties" is grayed out. Everything you might want to do must be done from the command line.

The routerdiscovery=disabled suggestion from @MikePennington doesn't work because this command isn't supported on XP at all. It requires Vista or later.

IPv6 itself has matured since this code was released in 2003 (and Microsoft seemingly never updated it on XP) so it is limited by what was known about IPv6 almost ten years ago. As far as I can tell, IPv6 support in Windows XP should be considered "technology preview" and not used in production, or at least used with extreme caution and full understanding of its limitations.

Of course, XP is nearing the end of its useful life at this point, (and some would say it already passed the end of its useful life) so if you can upgrade the box, that's probably the easiest solution.

TL;DR: Look at the pretty picture. Weep. Upgrade to a current version of Windows.

Yeah, that setting is not available on XP.
–
JosephJul 30 '12 at 14:30

According to this technet article it is available for XP SP1, but you have to install yourself: IPv6 Internet Connection Firewall is only provided with the Advanced Networking Pack for Windows XP, a free download for computers running Windows XP with Service Pack 1. What XP SP are you running?
–
Mike PenningtonJul 30 '12 at 14:39

I can't name one specifically that has the functionality but the built-in XP firewall isn't the only software firewall available. Perhaps one of the other firewall software packages can chuck out those packets for you?